Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b6873a8 by security tracker role at 2023-01-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-24053
+       RESERVED
+CVE-2023-24052
+       RESERVED
+CVE-2023-24051
+       RESERVED
+CVE-2023-24050
+       RESERVED
+CVE-2023-24049
+       RESERVED
+CVE-2023-24048
+       RESERVED
+CVE-2023-24047
+       RESERVED
+CVE-2023-24046
+       RESERVED
+CVE-2023-24045
+       RESERVED
+CVE-2023-24044
+       RESERVED
+CVE-2023-24043
+       RESERVED
+CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to 
achieve ...)
+       TODO: check
+CVE-2023-24041
+       RESERVED
+CVE-2023-24040 (** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop 
Environm ...)
+       TODO: check
+CVE-2023-24039 (** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow 
in Parse ...)
+       TODO: check
+CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows 
_hss_attval_ ...)
+       TODO: check
+CVE-2023-24037
+       RESERVED
+CVE-2023-24036
+       RESERVED
+CVE-2023-24035
+       RESERVED
+CVE-2023-24034
+       RESERVED
+CVE-2023-24033
+       RESERVED
+CVE-2023-24032
+       RESERVED
+CVE-2023-24031
+       RESERVED
+CVE-2023-24030
+       RESERVED
+CVE-2023-24029
+       RESERVED
+CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has 
incorre ...)
+       TODO: check
+CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via 
a netwo ...)
+       TODO: check
+CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS 
vulnerabilit ...)
+       TODO: check
+CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected 
Algorithms 2 ...)
+       TODO: check
+CVE-2023-24024
+       RESERVED
+CVE-2023-24023
+       RESERVED
+CVE-2023-24022
+       RESERVED
+CVE-2023-0432
+       RESERVED
+CVE-2023-0431
+       RESERVED
+CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
 CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes 
lacked the co ...)
        - modsecurity-apache <unfixed>
        [bullseye] - modsecurity-apache <no-dsa> (Minor issue)
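Review bot: CVE-2020-36655 (Yii2 Gii, the +CVE-2020-36655 line near the end of this hunk) has been appended at the head of the file among the 2023 identifiers, while the rest of data/CVE/list groups entries by year and the other 2020 ids live far below (CVE-2020-25502 is touched in the last hunk of this same update); when its TODO: check is resolved the entry should be moved into its year block, otherwise anyone scanning the 2020 section will miss it. Among the other new TODO: check entries, CVE-2023-24038 (HTML-StripScripts for Perl), CVE-2023-24042 (LightFTP) and CVE-2023-24025 (CRYSTALS-DILITHIUM) describe software components rather than vendor appliances and are the ones that need a package lookup first; CVE-2023-24040 and CVE-2023-24039 already carry ** UNSUPPORTED WHEN ASSIGNED ** in their descriptions and can be annotated with that caveat instead of staying open.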
@@ -1154,8 +1224,8 @@ CVE-2023-23609
        RESERVED
 CVE-2023-23608
        RESERVED
-CVE-2023-23607
-       RESERVED
+CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In 
affected v ...)
+       TODO: check
 CVE-2023-23606
        RESERVED
        - firefox 109.0-1
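Review bot: CVE-2023-23607 replaces its RESERVED placeholder with a description of erohtar/Dasherr, a dashboard for self-hosted services; the TODO: check needs a package lookup, and if nothing in the archive ships it the entry should be closed as NOT-FOR-US: Dasherr, matching how CakePHP and the WordPress plugins are handled elsewhere in this file, rather than left as the one open id between two RESERVED neighbours.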
@@ -3834,8 +3904,8 @@ CVE-2023-22744
        RESERVED
 CVE-2023-22743
        RESERVED
-CVE-2023-22742
-       RESERVED
+CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation 
of Git. W ...)
+       TODO: check
 CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
        TODO: check
 CVE-2023-22740
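Review bot: CVE-2023-22742 (libgit2) now sits directly above CVE-2023-22741 (Sofia-SIP), which also still reads TODO: check; both are libraries rather than end products, so unlike the vendor entries in this update they need a package and fixed-version lookup, and a per-suite check, before the TODO can be cleared. The truncated description should be backed by a NOTE line pointing at the upstream advisory so the affected versions are recorded in the tracker and not only in the CVE feed.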
@@ -3866,8 +3936,8 @@ CVE-2023-22728
        RESERVED
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In 
affected versi ...)
        NOT-FOR-US: CakePHP
-CVE-2023-22726
-       RESERVED
+CVE-2023-22726 (act is a project which allows for local running of github 
actions. The ...)
+       TODO: check
 CVE-2023-22725
        RESERVED
 CVE-2023-22724
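Review bot: CVE-2023-22726 describes act, a tool for running GitHub Actions locally, and its neighbour CVE-2023-22727 (CakePHP) was already resolved to NOT-FOR-US: CakePHP in the unchanged context; the same package lookup should settle this one either way, so the TODO: check should not outlive the next manual triage pass. The truncated description is fine as stored; do not hand-edit it, the full text comes with the feed.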
@@ -4327,8 +4397,8 @@ CVE-2023-0054 (Out-of-bounds Write in GitHub repository 
vim/vim prior to 9.0.114
        NOTE: 
https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 
(v9.0.1145)
 CVE-2023-0053
        RESERVED
-CVE-2023-0052
-       RESERVED
+CVE-2023-0052 (SAUTER Controls Nova 200&#8211;220 Series with firmware version 
3.3-00 ...)
+       TODO: check
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
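Review bot: CVE-2023-0052 describes firmware on SAUTER Controls Nova 200-220 series devices, so the expected resolution is NOT-FOR-US: SAUTER Controls rather than a package entry. The description as shown here also contains a raw HTML entity (&#8211;) for the dash in the model range; check whether the stored text actually holds the entity, because that would break searches on the model name and suggests the feed text came in unescaped. The surrounding vim entries (CVE-2023-0054, CVE-2023-0051) are unchanged and already carry their fix references.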
@@ -15565,6 +15635,7 @@ CVE-2022-3972 (A vulnerability was found in Pingkon 
HMS-PHP. It has been rated a
 CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 
0.35.1. It ha ...)
        NOT-FOR-US: matrix-appservice-irc
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as 
critic ...)
+       {DLA-3278-1}
        - tiff 4.4.0-6 (bug #1024737)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
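Review bot: CVE-2022-3970 is the only libtiff entry in this update fixed in 4.4.0-6 rather than 4.4.0-5 or earlier, and its first NOTE points at an oss-fuzz issue (53137) rather than a libtiff GitLab issue, so it reached Debian on a different path from the rest of the DLA-3278-1 batch; confirm that the DLA announcement really lists this id before keeping the {DLA-3278-1} line. It also has no [bullseye] annotation, so the bullseye status of this CVE stays untriaged whatever the DLA says about buster.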
@@ -15952,8 +16023,8 @@ CVE-2022-45064
        RESERVED
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3918
-       RESERVED
+CVE-2022-3918 (A program using FoundationNetworking in 
swift-corelibs-foundation is p ...)
+       TODO: check
 CVE-2022-3917 (Improper access control of bootloader function was discovered 
in Motor ...)
        NOT-FOR-US: Motorola
 CVE-2022-3916
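Review bot: CVE-2022-3918 concerns FoundationNetworking in swift-corelibs-foundation; its neighbours CVE-2022-3919 (WordPress plugin) and CVE-2022-3917 (Motorola) are both NOT-FOR-US, but this one names a library, so the TODO: check should be closed only after an actual lookup of whether the archive ships swift-corelibs-foundation in any suite, not by analogy with the surrounding vendor entries.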
@@ -22981,10 +23052,12 @@ CVE-2022-3628 (A buffer overflow flaw was found in 
the Linux kernel Broadcom Ful
        [bullseye] - linux 5.10.158-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
 CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in 
libtiff/tif ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
 CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in 
libtiff/tif ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
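Review bot: the {DLA-3278-1} lines added here and in the other libtiff hunks refer to an advisory that must have its own entry in data/DLA/list, but this commit touches only data/CVE/list (see the "1 changed file" header above); check that the DLA list entry with the matching CVE set and buster version was committed separately, otherwise the tracker ends up with a dangling advisory reference. CVE-2022-3627 and CVE-2022-3626 share fix commit 236b7191 and bug #1022555, so they should appear together in that DLA entry.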
@@ -23069,14 +23142,17 @@ CVE-2022-3601 (The Image Hover Effects Css3 WordPress 
plugin through 4.5 does no
 CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does 
not va ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection 
in tools ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
 CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in 
extractContigSamplesShifte ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
 (v4.5.0rc1)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
 CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in 
libtiff/tif ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
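Review bot: CVE-2022-3599, CVE-2022-3598 and CVE-2022-3597 gain the DLA reference but, unlike the tiffcrop entries further down (CVE-2022-2869 and siblings), carry no [bullseye] annotation at all; a DLA covers the LTS suite only, so whether bullseye gets <no-dsa> or a tracked update for these three is still an open question that this update does not settle. CVE-2022-3598 is closed by the same commit cfbb883b (v4.5.0rc1) as CVE-2022-3570 in the next hunk, which argues for triaging that pair identically.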
@@ -23279,6 +23355,7 @@ CVE-2022-3572
 CVE-2022-3571
        RESERVED
 CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff 
librar ...)
+       {DLA-3278-1}
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff
 (v4.5.0rc1)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
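Review bot: CVE-2022-3570 is, per its own description, a tiffcrop-only issue fixed in 4.4.0-5, yet it has no [bullseye] line, whereas the other tiffcrop issues in this update (CVE-2022-2869, CVE-2022-2058 and their siblings) are all marked [bullseye] - tiff <no-dsa> (Minor issue); now that the LTS fix is referenced, adding the same bullseye annotation here would make the tiffcrop set consistent, or the difference should be explained in a NOTE.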
@@ -36589,17 +36666,20 @@ CVE-2022-38105 (An information disclosure 
vulnerability exists in the cm_process
 CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as 
problematic ...)
        NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to 
out of ...)
+       {DLA-3278-1}
        - tiff 4.4.0~rc1-1
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw 
that c ...)
+       {DLA-3278-1}
        - tiff 4.4.0~rc1-1
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
 (v4.4.0rc1)
 CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can 
lead to o ...)
+       {DLA-3278-1}
        - tiff 4.4.0~rc1-1
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
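Review bot: CVE-2022-2869, CVE-2022-2868 and CVE-2022-2867 were all fixed upstream by the single commit 07d79fca (v4.4.0rc1) and in Debian by tiff 4.4.0~rc1-1; since DLA-3278-1 is now attached to each of them, confirm that the buster upload carried that commit as a unit, because a partial backport would leave some of the three ids open while all three advertise the same advisory.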
@@ -47155,6 +47235,7 @@ CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was 
discovered to contain a stac
 CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a 
command in ...)
        NOT-FOR-US: D-Link
 CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function 
of Tiff ...)
+       {DLA-3278-1}
        - tiff 4.4.0-4
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
@@ -51124,18 +51205,21 @@ CVE-2017-20053 (A vulnerability was found in 
XYZScripts Contact Form Manager Plu
 CVE-2017-20052 (A vulnerability classified as problematic was found in Python 
2.7.13.  ...)
        NOT-FOR-US: pgadmin on Windows
 CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
+       {DLA-3278-1}
        - tiff 4.4.0-3 (bug #1014494)
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
+       {DLA-3278-1}
        - tiff 4.4.0-3 (bug #1014494)
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
 CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows 
attackers to  ...)
+       {DLA-3278-1}
        - tiff 4.4.0-3 (bug #1014494)
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
@@ -62076,12 +62160,14 @@ CVE-2022-1357 (The affected On-Premise cnMaestro 
allows an unauthenticated attac
 CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By 
default, a ...)
        NOT-FOR-US: Cambium Networks cnMaestro
 CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in 
main() ...)
+       {DLA-3278-1}
        - tiff 4.3.0-8 (bug #1011160)
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
 CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c 
in TIFFR ...)
+       {DLA-3278-1}
        - tiff 4.3.0-7
        [bullseye] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
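Review bot: CVE-2022-1354 (heap overflow in tiffinfo.c) gains the DLA reference but, within the lines shown here, cites only the upstream issue (319) and no fix commit, while CVE-2022-1355 directly above spells out "Fixed by:" with the commit; add the corresponding commit reference for 1354 so the LTS backport can be cross-checked, and use one NOTE style (bare URL or "Fixed by:" prefix) for both.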
@@ -66044,8 +66130,8 @@ CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles 
through 2022-03-26 allow a
        NOT-FOR-US: Tesla
 CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver 
prior t ...)
        NOT-FOR-US: Lenovo
-CVE-2022-1109
-       RESERVED
+CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun 
cloud m ...)
+       TODO: check
 CVE-2022-1108 (A potential vulnerability due to improper buffer validation in 
the SMI ...)
        NOT-FOR-US: Lenovo
 CVE-2022-1107 (During an internal product security audit a potential 
vulnerability du ...)
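Review bot: CVE-2022-1109 (Lenovo Leyun cloud ...) sits between CVE-2022-1110 and CVE-2022-1108, both already closed as NOT-FOR-US: Lenovo, and itself describes a Lenovo product; resolve its TODO: check to NOT-FOR-US: Lenovo for consistency rather than leaving it as the only open id in this run of Lenovo entries.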
@@ -121504,10 +121590,10 @@ CVE-2021-33644 (An attacker who submits a crafted 
tar file with size in header s
        NOT-FOR-US: Huawei OpenEuler OS
 CVE-2021-33643 (An attacker who submits a crafted tar file with size in header 
struct  ...)
        NOT-FOR-US: Huawei OpenEuler OS
-CVE-2021-33642
-       RESERVED
-CVE-2021-33641
-       RESERVED
+CVE-2021-33642 (When a file is processed, an infinite loop occurs in 
next_inline() of  ...)
+       TODO: check
+CVE-2021-33641 (When processing files, malloc stores the data of the current 
line. Whe ...)
+       TODO: check
 CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by 
pointer  ...)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2143012
        TODO: check details, possibly Huawei OpenEuler OS specific as the 
related CVEs
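Review bot: CVE-2021-33642 (infinite loop in next_inline()) and CVE-2021-33641 (per-line malloc while processing files) land in the same run as CVE-2021-33644 and CVE-2021-33643 (both NOT-FOR-US: Huawei OpenEuler OS) and CVE-2021-33640, whose own TODO still says "possibly Huawei OpenEuler OS specific as the related CVEs"; triage the three open ids together, and check whether the two new descriptions refer to the same code base as CVE-2021-33640 (libtar.c) before giving them the same resolution, since their truncated texts do not name a project.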
@@ -174590,8 +174676,8 @@ CVE-2020-25504
        RESERVED
 CVE-2020-25503
        RESERVED
-CVE-2020-25502
-       RESERVED
+CVE-2020-25502 (Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 
20.1.34 ...)
+       TODO: check
 CVE-2020-25501
        RESERVED
 CVE-2020-25500
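Review bot: CVE-2020-25502 describes Cybereason EDR, a commercial endpoint product with vendor version ranges, so the expected resolution is NOT-FOR-US: Cybereason. Note the contrast with CVE-2020-36655 in the first hunk: this id already had a RESERVED line in the 2020 block and was updated in place, whereas 36655 was new to the file and got appended at the top, which is the usual reason a 2020 id shows up among the 2023 entries.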



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b6873a8eb6f2f677d4c6077691d50c5d90c0933

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
